Attack Surface Analyzer 2.0 Available for Checking Software Installs

Microsoft this week described Attack Surface Analyzer 2.0, an updated tool for checking software installations that's now built using open source code.

Attack Surface Analyzer 2.0, released about a week ago, can be used by IT security auditors to evaluate the risk of "third-party software" (software from non-Microsoft vendors). It can also be used by DevOps engineers to see the system changes made by software additions, per Microsoft's GitHub description. It's an open source tool, built using .NET Core, that runs on Linux, macOS and Windows systems.

The tool is needed, Microsoft's announcement explained, "because most installation processes require elevated privileges, which can lead to undesired system configuration changes."

Users of Attack Surface Analyzer 2.0 perform an initial system scan. They then install an application and perform yet another system scan. The tool will then show what changed based on certain criteria.
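The baseline-scan, install, rescan, compare workflow described above, reduced to a single file-system collector as an added illustration (this is example code written for this page, not code from Microsoft's Attack Surface Analyzer; it uses only the Python standard library and a constructed temporary directory standing in for a real install):

```python
import hashlib
import stat
import tempfile
from pathlib import Path

def snapshot_files(root):
    """Collector: record mode, owner, size and content hash for every regular file under root."""
    snap = {}
    for path in Path(root).rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue
        st = path.lstat()
        snap[str(path.relative_to(root))] = {
            "mode": stat.filemode(st.st_mode),
            "uid": st.st_uid,
            "size": st.st_size,
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
        }
    return snap

def diff_snapshots(before, after):
    """Compare two snapshots; report entries added, removed, or modified (field -> (old, new))."""
    added = {k: after[k] for k in after.keys() - before.keys()}
    removed = {k: before[k] for k in before.keys() - after.keys()}
    modified = {
        k: {f: (before[k][f], after[k][f]) for f in after[k] if before[k][f] != after[k][f]}
        for k in before.keys() & after.keys()
        if before[k] != after[k]
    }
    return {"added": added, "removed": removed, "modified": modified}

def demo():
    """Constructed scenario: baseline scan, a simulated installer run, second scan, diff."""
    with tempfile.TemporaryDirectory() as root:
        conf = Path(root) / "app.conf"
        conf.write_text("debug=false\n")
        before = snapshot_files(root)
        # Simulated installer: drops a helper script with loose permissions and flips a setting.
        helper = Path(root) / "helper.sh"
        helper.write_text("#!/bin/sh\necho installed\n")
        helper.chmod(0o777)
        conf.write_text("debug=true\n")
        after = snapshot_files(root)
        return diff_snapshots(before, after)

if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

The same pattern extends to the other criteria the tool collects (services, listening ports, certificate stores, registry keys): each collector produces a keyed snapshot, and the comparison step is identical.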

Currently, the criteria that can be selected include:

File System
User Accounts
System Services
Network Ports (listeners)
System Certificate Stores
Windows Registry

Other criteria may get added to the tool in the near future. Microsoft is considering adding code signing information, drivers, firewall settings, redistributable installations, network traffic, registry and some "requested features which existed in the original Attack Surface Analyzer," the GitHub page explained.

Attack Surface Analyzer 2.0 is the replacement for the original Attack Surface Analyzer tool that Microsoft released back in 2012, which is still available here.

One catch to using Attack Surface Analyzer 2.0 is that installation files currently aren't available; only compressed archives can be downloaded from the GitHub code repository. An early tester encountered an odd roadblock, according to this Twitter post.
